[openssl] master update

Matt Caswell matt at openssl.org
Thu Mar 18 12:14:23 UTC 2021 

The branch master has been updated
       via  ee067bc066ccc21462a1a489f8f1314c7207c01f (commit)
      from  7e7e034a10842dad3866c9447481b8527024bf44 (commit)


- Log -----------------------------------------------------------------
commit ee067bc066ccc21462a1a489f8f1314c7207c01f
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Mar 16 12:03:08 2021 +0000

    Ensure we deregister thread handlers even after a failed init
    
    If we attempt to init a provider but that init fails, then we should
    still deregister any thread handlers. The provider may have failed after
    these were registered.
    
    Fixes #13338
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14576)

-----------------------------------------------------------------------

Summary of changes:
 crypto/provider_core.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/crypto/provider_core.c b/crypto/provider_core.c
index 4d77108c33..632ea72a5d 100644
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@@ -359,9 +359,6 @@ void ossl_provider_free(OSSL_PROVIDER *prov)
          */
         if (ref == 0) {
             if (prov->flag_initialized) {
-#ifndef FIPS_MODULE
-                ossl_init_thread_deregister(prov);
-#endif
                 if (prov->teardown != NULL)
                     prov->teardown(prov->provctx);
 #ifndef OPENSSL_NO_ERR
@@ -380,6 +377,12 @@ void ossl_provider_free(OSSL_PROVIDER *prov)
             }
 
 #ifndef FIPS_MODULE
+            /*
+             * We deregister thread handling whether or not the provider was
+             * initialized. If init was attempted but was not successful then
+             * the provider may still have registered a thread handler.
+             */
+            ossl_init_thread_deregister(prov);
             DSO_free(prov->module);
 #endif
             OPENSSL_free(prov->name);
@@ -561,10 +564,6 @@ static int provider_init(OSSL_PROVIDER *prov)
                                 &provider_dispatch, &tmp_provctx)) {
         ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INIT_FAIL,
                        "name=%s", prov->name);
-#ifndef FIPS_MODULE
-        DSO_free(prov->module);
-        prov->module = NULL;
-#endif
         goto end;
     }
     prov->provctx = tmp_provctx;

More information about the openssl-commits mailing list